Scam Watch- Summer 2019

Computers have made our lives easier in many ways, but they have also made the barrier between our public and private lives more permeable—opening the average users up to attempts at fraud from bad actors. Here is a short breakdown of the most common scams we’ve seen affecting both businesses and consumers over the last several months.

“Microsoft Calling”

This one has been around for years and is still prevalent today. Scammers might initiate this by cold calling telephone numbers, then when the target answers they pretend to be a Microsoft tech who has detected a problem with your computer and needs to connect to it to resolve the issue. Microsoft will never initiate a service ticket like this and any time you receive unsolicited communication from someone claiming to be from Microsoft you should assume it is illegitimate. Scammers are not just using Microsoft as a cover for their nefarious activities—pop up ads will attempt to mimic error messages from Apple and bad actors buy sponsored listings on search engines to give false phone numbers for Dell, HP and other companies’ tech support resources.

Phishing For Fraud

Businesses are often targeted for phishing attacks to try to gain access to a company’s email accounts. Once a hacker has control of an email account, they will scour the inbox for evidence of interaction with certain vendors. Mobile phone carriers are one of the most popular targets for this sort of exploitation. If the targeted email address contains past emails with an account representative, hackers will attempt to order thousands of dollars’ worth of mobile phones, having them sent to fences around the country where they can be resold. The numbers are somewhat opaque, but evidence suggests that major carriers such as Sprint and Verizon process tens of millions of dollars in fraudulent purchases every year. What is the best way to mitigate this risk? Turn on 2-factor authentication for all of the email addresses at your company.

Intuit and TurboTax Scams

This one seemed to be far more popular during tax season this year, but small businesses may be targeted by emails purporting to be from Intuit year-round, as an extension of a phishing attack. The TurboTax version of this involves scammers buying ad-space for featured results on search engines. They list the TurboTax software for a fee (usually around $19) which the target buys through PayPal. The victim then downloads software which is actually a pirated version, imbedded with malware. The damage here is two-fold: the victim is out $20 for illegitimate software, but if an antivirus program doesn’t flag the malware before the unsuspecting victim uploads their tax information, they have opened themselves up to identity theft. The long and short of it is this: any time you are buying software online, ensure you are purchasing it from a legitimate vendor, such as Amazon, Newegg or directly from Intuit. Don’t trust emails that appear to be from Intuit or other software vendors claiming to have links to updates—always update from within the program itself. If you have questions about what a legitimate email correspondence from Intuit might look like, they’ve provided some resources here.

If you believe you may have fallen victim to a computer scam or just want to make sure you are as safe from these sorts of attacks as possible, reach out to your trusted local partner, Mankato Computer Technology.